Bug ID 455391: Bad parsing of query string in URL with authentication

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3

Fixed In:
11.6.0, 11.5.1 HF4, 11.4.1 HF6, 11.4.0 HF7, 11.3.0 HF9

Opened: Apr 03, 2014
Severity: 3-Major


ASM bypass techniques discovered during Pentest.


Causes ASM to misbehave within the query string parser, and fails to detect relevant malicious requests.


Request with authentication URL.



Fix Information

We improved how the system parses query strings in absolute URLs.

Behavior Change